Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-11 | CVE-2022-43946 | Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Forticlient Multiple vulnerabilities including an incorrect permission assignment for critical resource [CWE-732] vulnerability and a time-of-check time-of-use (TOCTOU) race condition [CWE-367] vulnerability in Fortinet FortiClientWindows before 7.0.7 allows attackers on the same file sharing network to execute commands via writing data into a windows pipe. | 8.1 |
| 2023-04-07 | CVE-2022-43309 | Incorrect Permission Assignment for Critical Resource vulnerability in Supermicro products Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions. | 5.5 |
| 2023-04-05 | CVE-2023-0944 | Incorrect Permission Assignment for Critical Resource vulnerability in Imaworldhealth Bhima 1.27.0 Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. | 4.3 |
| 2023-04-03 | CVE-2023-0225 | Incorrect Permission Assignment for Critical Resource vulnerability in Samba A flaw was found in Samba. | 4.3 |
| 2023-04-03 | CVE-2022-43773 | Incorrect Permission Assignment for Critical Resource vulnerability in Hitachi Vantara Pentaho Business Analytics Server 9.4.0.0 Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x is installed with a sample HSQLDB data source configured with stored procedures enabled. | 8.8 |
| 2023-03-28 | CVE-2023-1516 | Incorrect Permission Assignment for Critical Resource vulnerability in Robodk 5.5.3 RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK process and achieve code execution. | 7.8 |
| 2023-03-27 | CVE-2023-25817 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Server Nextcloud server is an open source, personal cloud implementation. | 8.1 |
| 2023-03-27 | CVE-2023-1135 | Incorrect Permission Assignment for Critical Resource vulnerability in Deltaww Infrasuite Device Master 00.00.01A/00.00.02A In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. | 7.8 |
| 2023-03-27 | CVE-2023-27096 | Incorrect Permission Assignment for Critical Resource vulnerability in Opengoofy Hippo4J 1.4.3 Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module. | 6.5 |
| 2023-03-23 | CVE-2022-3101 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products A flaw was found in tripleo-ansible. | 5.5 |